make non-root users reload named
Jim Reid
jim at rfc1035.com
Tue Jun 20 13:57:14 UTC 2000
>>>>> "Guy" == Guy Roelant <GuyR at e5-mode.be> writes:
Guy> How do I configure named so that non-root users can reload
Guy> the database. I want someone else than me (=root) to be able
Guy> to add entries in our company DNS without giving this person
Guy> the root password. At the moment named is now being run as
Guy> root. Should I alter this? The system is linux-2.0.35
Guy> running named-8.1.2
Use ndc to control the name server and have it talk to the name server
via a UNIX domain socket. [IIRC ndc does this by default.] ndc is
distributed with BIND. You can then adjust the access permissions
on that socket so that a suitably privileged (but non-root) user can
reload the name server. You might need a setuid or setgid front-end to
ndc so that you can control what this privileged user can do: for
example, they can issue a reload command but not use ndc to stop or
restart the name server.
BTW BIND8.1.2 has some security holes. You should upgrade to the
current version, 8.2.2P5. See:
http://www.isc.org/products/BIND/bind-security-19991108.html
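
The restricted front-end to ndc suggested in the reply above could look like the following. This is an added example, not part of the original post and not code from BIND. The ndc path and the wrapper name ndc-reload are assumptions, and ndc is assumed to be a compiled binary as in BIND 8, not a shell script.

```c
/* ndc-reload.c: added example of a front-end that permits only "ndc reload". */
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Assumption: location of the ndc binary; adjust to match the install. */
#define NDC_PATH "/usr/sbin/ndc"

/* Commands the delegated user may issue. stop and restart are deliberately absent. */
static const char *const allowed[] = { "reload", NULL };

/* Return 1 only when cmd exactly matches an allowlisted command. */
int command_allowed(const char *cmd)
{
    size_t i;

    if (cmd == NULL)
        return 0;
    for (i = 0; allowed[i] != NULL; i++)
        if (strcmp(cmd, allowed[i]) == 0)
            return 1;
    return 0;
}

/* Validate the command line: exactly one argument, and it must be allowlisted. */
int request_ok(int argc, char *const argv[])
{
    return argc == 2 && command_allowed(argv[1]);
}

int main(int argc, char *argv[])
{
    /* Fixed, minimal environment: nothing from the caller reaches ndc. */
    char *const clean_env[] = { "PATH=/usr/sbin:/usr/bin:/sbin:/bin", NULL };
    char *ndc_argv[] = { "ndc", NULL, NULL };

    if (!request_ok(argc, argv)) {
        fprintf(stderr, "usage: ndc-reload reload\n");
        return 2;
    }
    ndc_argv[1] = argv[1];  /* passed as one argv entry, never through a shell */
    execve(NDC_PATH, ndc_argv, clean_env);
    perror("execve " NDC_PATH);  /* reached only if execve failed */
    return 1;
}
```

One possible install, as an assumption: make the wrapper setuid to a dedicated non-root account that owns the control socket, and limit execute permission on the wrapper to the operators' group.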